If Linux is difficult for the computer illiterate to use, then Windows must be complete hell for them to use.
Two letters in the newspaper today to the resident "expert". It’s probably the first week he hasn’t been asked how to change an option in MS Word or Excel. But they made me laugh. Here are my answers.
Q. If my cable connection is on all the time, is my computer vulnerable to malicious interference from the Internet during the time my computer is booting up and before my firewall software is loaded?
A. How long does your computer take to boot up? It’s probably about a minute, maybe 90 seconds, to boot up. Of course, not everything boots up all at once; the network card in your computer is only recognised and started after a few seconds. Once it’s started, Windows loads the driver. Once Windows loads the driver, the computer sends a signal to your cable box, asking to be assigned an IP address. While it’s waiting, the computer will continue booting up other parts of the operating system. Finally, once the computer has an IP address and the address of your cable router, it will become visible to the internet.
But then, your firewall software will probably load within a few seconds of the IP address coming up. Even if an attacker knew the IP address for your cable router and was waiting for you to come online, they’d have a window of approximately 10 seconds to do something to your computer. Even assuming a worst-case scenario, that such a malicious person would be waiting around for you to come online, there’s next to no chance that they would be able to open a backdoor in 10 seconds.
And let’s face it, nobody is going to keep pinging an address for hours on end just to find a single person to attack. Why on earth would they wait for you to come online when there are already millions of internet users who don’t have any protection, or who will double-click on anything they’re told to? Do you think you’re really that important to an attacker? Even if they were pinging your cable box’s address, they would have to work out what address you had with the router. They can only do that when you’re actually online. And that’s assuming that they actually knew you were online.
Besides, your cable box probably already has a firewall built-in.
So, to put it bluntly, you’re being paranoid, and you urgently need deprogramming. Yes, there are plenty of nasty people who want to attack computers. Yes, Windows is a shithouse operating system in terms of security. But there’s no chance of your scenario happening. Unpatched, unprotected Windows computers connected directly to the internet (no Network Address Translation) get attacked within an hour. Your computer cannot be compromised in a mere 5-10 seconds. That’s just ridiculous.
Q. I have an old PC running Windows 98 which has an up-to-date anti-virus program and a free edition of the Zone Alarm firewall which no longer provides Windows 98 updates. Do you know of any free firewall program that still supports Windows 98?
A. So, we go from the ridiculously paranoid to the ridiculously computer-illiterate. Both of you need deprogramming. But you need an explanation of what a firewall is, and firstly what a firewall ISN’T.
A firewall does not "enumerate badness". It doesn’t examine what comes into your computer and think "Hmm, that’s nasty" or "Hmm, that’s okay". It doesn’t even know (or need to know) what is harmful and what isn’t; therefore it doesn’t need updated definitions of this stuff.
A firewall is a very simple program. Whenever data comes into your computer from a network, it comes through with a particular "port number"; the number identifies what sort of program will deal with the data. For instance, website requests happen on port 80, no matter what web browser you use.
A firewall merely looks at connection requests. Whenever a computer from the Internet wants to open a connection with your computer (NOT the other way around), the firewall will look at the port number, consult its settings, and correspondingly allow or deny the transmission based on port number alone. If allowed, the firewall will send the data through as though nothing had occurred. If denied, the firewall will "drop" the data so that your programs never receive it, and will not send any data back in return.
By default, a good firewall will block all incoming connections.
It doesn’t matter if you’re a genius cracker who works for the FBI, CIA, and Russian Mafia - if you try to initiate a connection with a computer that is behind a configured firewall, you will not get anywhere. If you try to connect, the firewall will drop the connection and you will never have a way into the computer. You cannot fool it by making a malicious connection request look benign - because the firewall doesn’t care; it would drop incoming connections from both Mother Teresa AND Adolf Hitler. The firewall doesn’t know what’s good and what’s bad; it just knows what ports you have asked it to allow, and it will block all other incoming ports.
Firewall programs from 10 years ago will still work effectively today, because they still do exactly the same thing as today’s programs do. They drop all connections that are on ports that you haven’t allowed.
You need to be deprogrammed from the "I need to keep giving companies money so they can protect me" way of thinking. If you want a firewall that will block any incoming connections, then your current Zone Alarm will do the job just as well as anything else out there.
(By the way, the subject of firewalls touches a sensitive spot with me. Most Windows users say that you need a 2-way firewall - that can deny connections going out from your computer. Their reasoning is "If you get infected with something, a 2-way firewall can stop it from transmitting information back or becoming part of a botnet". This is quite dumb, and many of the people who advocate 2-way firewalls probably think that a firewall is an "enumerating badness" security measure.
Firstly, most malware traffic happens on ports that are used by non-suspicious, everyday services. Malware sends spam on port 25, which is the same port used by legitimate e-mails that you send. If your computer becomes infected with something that turns it into part of a botnet, then its communication with the rest of the botnet will happen on port 6667 - Internet Relay Chat. So a 2-way firewall will stop the malware from communicating on the ports that it doesn’t communicate on. Get it?
And the second dumb thing is that firewalls don’t enumerate badness, so a firewall would not stop malware from sending e-mails yet allow your e-mail program to send them. How does your firewall know what’s malware? How would a firewall know that the 16-digit number that’s passing through an e-mail is your credit card number? It doesn’t.
The third dumb thing is that you’re shutting the gate after the horse has bolted. If a piece of malware is running on your computer, the damage has already been done. That malware can do anything to your computer that you can, which includes disabling or reconfiguring the firewall.
The fourth dumb thing is that, whenever you install a legitimate Internet program, you need to find out what port it communicates on, and then enable that port. Some firewalls can prompt you when they come in contact with a new outgoing connection, but approximately 5 minutes after that feature is enabled, you get into the habit of clicking "Allow". And besides, Windows has so many cryptically-named components, you wouldn’t have any qualms about allowing something named "aries.sys" or "Plug and Play Device Manager" to communicate, despite it being known malware.
2-way firewalls? Dumb. Just use your 1-way firewall and don’t do anything stupid, and you’ll be fine.)
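To make the port-only model concrete, here is a small simulation of the firewall described above (an added example, not code from any real firewall product). The `Conn` and `PortFirewall` names, the sample traffic, and the outgoing allow-list of 25, 80 and 110 are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    direction: str  # "in" = request from the Internet, "out" = request from this PC
    port: int       # destination port of the connection request
    source: str     # who opened it (a label only; the filter never reads it)
    payload: bytes  # contents (the filter never reads this either)

class PortFirewall:
    """Port-only filter as the post describes it: inbound is denied by default."""
    def __init__(self, allow_in=(), allow_out=None):
        self.allow_in = frozenset(allow_in)
        # allow_out=None models a 1-way firewall: every outgoing port is allowed.
        self.allow_out = None if allow_out is None else frozenset(allow_out)

    def decide(self, c: Conn) -> str:
        if c.direction == "in":
            return "ALLOW" if c.port in self.allow_in else "DROP"
        if self.allow_out is None or c.port in self.allow_out:
            return "ALLOW"
        return "DROP"

# Constructed sample traffic (hypothetical sources and payloads).
SAMPLE = [
    Conn("in", 5000, "stranger", b"looks harmless"),
    Conn("in", 5000, "stranger", b"looks hostile"),
    Conn("in", 80, "stranger", b"GET / HTTP/1.0"),
    Conn("out", 25, "mail client", b"Hi Mum"),
    Conn("out", 25, "spam bot", b"Buy now"),
    Conn("out", 31337, "newly installed chat program", b"hello"),
]

def run(fw):
    """Return the verdict for each sample connection, in order."""
    return [fw.decide(c) for c in SAMPLE]

one_way = PortFirewall(allow_in=[])                           # block all incoming
two_way = PortFirewall(allow_in=[], allow_out=[25, 80, 110])  # plus an egress list

if __name__ == "__main__":
    for name, fw in (("1-way", one_way), ("2-way", two_way)):
        print(name)
        for c, verdict in zip(SAMPLE, run(fw)):
            print(f"  {verdict:5} {c.direction:3} port {c.port:<5} {c.source}")
```

Both firewalls drop every incoming request regardless of payload. The 2-way one gives the mail client and the spam bot the same verdict on port 25, and blocks the newly installed program until its port is added.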